How can I implement login and profile editing in my web application without using User Flows in Azure AD B2C?

Sebastián Cura 60 Reputation points

I'm looking to implement a login and profile editing feature in my web application without using User Flows in Azure AD B2C. I want to avoid being redirected to Microsoft and instead handle the authentication and profile editing directly in my web application. What are my options for achieving this?

I have created an application in Azure AD B2C, but I am unable to add User.Read and User.Write permissions from Microsoft Graph to it.

Microsoft Graph
Microsoft Graph
A Microsoft programmability model that exposes REST APIs and client libraries to access data on Microsoft 365 services.
11,126 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
20,189 questions
{count} votes

Accepted answer
  1. James Hamil 22,891 Reputation points Microsoft Employee

    Hi @Sebastián Cura , you can use custom policies. Custom policies provide more flexibility and control over the user experience, allowing you to handle authentication and profile editing directly in your web application without being redirected to Microsoft.

    To create a custom policy for profile editing, follow these steps:

    Download the starter pack with pre-built policies, including sign-up and sign-in, password reset, and profile editing policy. You can find more information on getting started with custom policies in Azure AD B2C here.

    Modify the XML files according to your requirements and upload them to your Azure AD B2C tenant.

    Integrate the custom policy into your web application by initiating an authorization request to the custom policy-provided endpoint.

    As for adding User.Read and User.Write permissions from Microsoft Graph to your application, you can follow these steps:

    1. In the Azure portal, navigate to your Azure AD B2C application.
    2. Select "API permissions" and then click "Add a permission."
    3. Select "Microsoft APIs" and then "Microsoft Graph."
    4. Choose "Delegated permissions" and select User.Read and User.Write from the list.
    5. Click "Add permissions."

    Please note that you might need to grant admin consent for these permissions if required.

    Please let me know if you have any questions and I can help you further.

    If this answer helps you please mark it as "Verified" so other users can reference it.

    Thank you,


    0 comments No comments

0 additional answers

Sort by: Most helpful